Reputation: 35
How do I authenticate with Node.js + Mongoose?
With the following code I'm not able to authenticate with a MongoDB database, which already has a Users schema and users associated with it and I was wondering how I would make sure that auth returned isAuth?:
exports.auth = function(username, password, session) {
User.findOne({username: username}, function(err, data) {
if (err) {
console.log(err);
}
var isAuth = username === data['username'] & password === data['password'];
if (isAuth) {
session.isAuthenticated = isAuth;
session.user = {username: username};
}
return isAuth;
});
};
Upvotes: 0
Views: 475
Answers (1)
Reputation: 111336
First of all, as others have already pointed out in the comments, you shouldn't implement your own authentication logic if you don't know what you're doing. You can use Passport for that.
Now, to the code you provided. There are several problems here.
The first thing that comes to mind is that you use:
var isAuth = username === data['username'] & password === data['password'];
instead of:
var isAuth = username === data['username'] && password === data['password'];
But this is just a typo. Now, to more fundamental stuff.
You cannot return the isAuth variable because who are you going to return it to? If you think that it will get returned to the caller of exports.auth then you're wrong - the exports.auth() will return long before the return isAuth; is ever run.
Also, if yu check for error with if (err) then put the code that should be run in the case of success in the else block o otherwise it will also be run on error with undefined variables that may crash your program.
You need to either add an additional argument to your function which is a callback:
exports.auth = function(username, password, session, callback) {
User.findOne({username: username}, function(err, data) {
if (err) {
console.log(err);
callback(err);
} else {
var isAuth = username === data.username && password === data.password;
if (isAuth) {
session.isAuthenticated = isAuth;
session.user = {username: username};
}
callback(null, isAuth);
}
});
};
or to return a promise from your exports.auth function (but directly from your exports.auth function, not some other callback inside).
Using the above version you can call it with:
auth(username, password, session, function (isAuth) {
// you have your isAuth here
});
The other option would be to use promises. You can see some other answers where I explain the difference between callbacks and promises and how to use them together in more detail, which may be helpful to you in this case:
- A detailed explanation on how to use callbacks and promises
- Explanation on how to use promises in complex request handlers
- An explanation of what a promise really is, on the example of AJAX requests
But first you need to get comfortable with callbacks.
Also, never store the passwords in cleartext in the database. Seriously, use some other solution that works like Passport. I wrote the answer to explain the process of using callbacks, not to endorse the idea of using authentication in that particular way. You have been warned.
Upvotes: 2
Related Questions
- Authenticating Username and Password in nodejs with mongodb
- How to connect mongodb(mongoose) with username and password?
- How do I connect to mongodb with node.js (and authenticate)?
- Can't connect Mongoose to MongoDB with authentication
- how to authenticate mongoose connection mongodb in node.js
- Authorization in node.js
- Mongodb authentication application - db.auth()
- How to do authentication with Node.js, Express and Mongoose?
- how to authenticate valid user in nodejs and mongo DB
- Authenticating in MongoDB with node-native